Dennis Fisher and Mike Mimoso talk about the Bash Shellshock bug nightmare and the BadUSB code release.
Tag Archives: Vulnerabilities
Researcher Takes Wraps off Two Undisclosed Shellshock Vulnerabilities in Bash
Researcher Michal Zalewski published details on two recently discovered Shellshock vulnerabilities in Bash.
Second Same-Origin Policy Bypass Flaw Haunts Android Browser
There is another same-origin policy bypass vulnerability in the Android browser in versions prior to 4.4 that allows an attacker to steal data from a user’s browser.
Joomla Re-Issues Security Update After Patches Glitch
A security update for the Joomla content management system was pulled and re-issued after problems with the first set of patches for a remote file inclusion and denial of service vulnerability were discovered.
VMware Begins to Patch Bash Issues Across Product Line
VMware issued a progress report on fixes for four different types of products as they relate to the Bash vulnerability.
Schneider Electric Fixes Remotely Exploitable Flaw in 22 Different Products
There’s a remotely exploitable directory traversal vulnerability in more than 20 individual products from Schneider Electric that can enable an attacker to gain control of an affected machine.
Google Ups Chrome Bug Bounty, Offers More Money For Exploits
Google is again increasing the amount of money it offers to researchers who report vulnerabilities in Chrome as part of the company’s bug bounty program. Now, researchers will be able to earn $15,000 at the high end of the scale, and Google also is offering more cash for researchers who can submit a working exploit for […]
OpenVPN Vulnerable to Shellshock Bash Vulnerability
OpenVPN was found to be vulnerable to the Shellshock vulnerability in Bash as well. Fredrik Stromberg of Mullvad said the vulnerability is dangerous because it’s pre-authentication in OpenVPN.
Apple Patches Shellshock Vulnerability in Bash for OS X
Apple released its patch for the Bash vulnerability, repairing versions of OS X vulnerable to Shellshock exploits.
WPScan Vulnerability Database a New WordPress Security Resource
Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. It’s available for pen-testers, WordPress administrators and developers.